by bsd44 1667 days ago
"If Apple discovers activity consistent with a state-sponsored attack"

I am really interested in understanding more about a "state-sponsored attack" as someone who works in Ops and has experience in CyberSec. All these years working in the industry and I had no idea you could identify an "attack" that easily.

5 comments

It’s not easy.

> Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent.

> State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected.

Identifying the source of these attacks is often done by analyzing the tools and techniques, in comparison to other known tools and methods, and/or by information gathered in meat space.

I was being sarcastic. Not only is it not easy, it is impossible! There is no such thing as distinguishing a cyber attack of any kind between state-sponsored and independently sponsored. This move by Apple is bizarre to say the least.
See also: Apple sues NSO Group to curb the abuse of state-sponsored spyware (apple.com) https://news.ycombinator.com/item?id=29320986

Where do you see the word 'easily' in Apple's statement?

If the complaint is that attribution is sometimes sketchy, so? Sometimes it isn't.

I believe it has to do with phishing attempts by known tools (NSO’s Pegasus). If anyone has the resources to fend them off, fingerprint them, etc., it is Apple, Microsoft and Google.

For a company with the resources of Apple? I'd imagine their Threat Hunting/Identification and classification systems are top notch. There are a number of known taxonomies for different attacks around and I'm quite sure Apple has some automation around identifying those attacks. It even addresses that many will be false positives. Example taxonomy: https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scorin...